Annex 6 Code of Ethics - InfoCert
Transcript of Annex 6 Code of Ethics - InfoCert
1
Annex 6
Code of Ethics
This document is the property of InfoCert S.p.A. Reproduction in whole or in part of this document is prohibited
2
TABLE OF CONTENTS: 1. Foreword
1.1 Introduction
1.2 Adoption
1.3 Recipients, distribution and updates
1.4 Training
2. Structure of the Code of Ethics
3. General Principles
3.1 Legality
3.2 Fairness, loyalty, impartiality and integrity
3.3 Transparency
3.4 Organisational system
3.4.1 System of proxies and powers of attorney
3.5 Confidentiality
3.5.1 Protection of business secret
3.5.2 Protection of privacy
3.6 Respect for human dignity
3.7 Protection of image
3.8 Use of IT and electronic tools
3.9 Entertainment, gifts and other benefits
3.10 Protection of company assets
4. Ethical principles of corporate governance
4.1 Corporate bodies and relations with shareholders
4.2 Operating procedures
4.3 Accounting transparency
4.4 Conflict of interest
4.5 Accountability
5. Relations with employees
3
5.1 Employee selection, recruitment and evaluation
5.2 Professional development and human resource development
5.3 Protection of health and safety at work
6. Relations with third parties
6.1 Relations with the Public Administration in general
6.2 Relations with Supervisory and Control Authorities
6.3 Relations with judicial authorities
6.4 Relations with customers and purchasers
6.5 Relations with suppliers
6.6 Relations with financial intermediaries
6.7 Relations with Political Parties and Trade unions
6.8 Rules of conduct for the protection of the environment
7. Relations with the media and management of information
7.1 Conduct
7.2 Price sensitive information
8. Relations with associated companies
9. Protection of industrial and intellectual property rights. Protection of
software and databases
10. Prevention of money laundering and handling of stolen goods
11. Tools for implementing the Code of Ethics
11.1 Internal control and risk management system
11.2 Code of Ethics Guarantor
12. Disciplinary and penalty system
4
1. FOREWORD 1.1 Introduction This Code ("Code of Ethics") defines a set of values that InfoCert S.p.A. recognises,
accepts, shares and assumes as an essential prerequisite in conducting corporate
activities and in its corporate organisation. Conceived to update, complement and
enhance the Company's system of behavioural, ethical and value standards at all levels,
it provides the Company with a strategic platform designed to stimulate dialogue with
all stakeholders and to set up a coherent and sustainable path of development for its
entire set of activities. The set of principles laid down in the Code is essential for the
prevention of the offences provided for in Legislative Decree No. 231/2001, and is
formally an integral component of the same model of organization, management and
control. It therefore sets out the core values that guide InfoCert in pursuing its
objectives and interests and which the company considers essential for the proper
conduct of business activities and to protect its reliability, reputation and corporate
image. The Code further establishes rules of conduct and commitments which must be
observed as well as methods of communication, distribution, control and monitoring of
the Code of Ethics as required by the said Legislative Decree.
1.2 Adoption This Code was adopted by resolution of the Board of Directors of the Company (“BoD”)
dated 30th July 2015. The adoption of the ethical standards of conduct set out in the
Code is a moral duty for recipients and is aimed at achieving business objectives
according to the principles of loyalty, integrity, fairness and transparency of
management, professionalism, legality, collaboration and cooperation, fully complying
with national and international legislations.
5
1.3 Recipients, distribution and updates This Code was adopted pursuant to Legislative Decree No. 231 of 2001. Its recipients
include directors, auditors, managers and employees of the Company, members of the
Supervisory Board (“SB”) and, in general, all outside and inside staff working directly or
indirectly for InfoCert S.p.A., who each undertake to comply with the contents of the
Code. In particular, by virtue of specific acceptance or special contractual clauses, the
following external stakeholders are required to comply with the Code of Ethics:
employees, consultants, self-employed workers, as well as suppliers and partners.
Recipients shall:
- abide by the standards of conduct defined in the Code;
- immediately inform the Supervisory Board and the Board of Directors of any violations
of the Code of Ethics, as soon as they become aware of them;
- request, if necessary, interpretations or clarifications on the standards of conduct
defined therein.
Departmental Managers and other managers, as well as of the members of the SB, who
are in charge of supervising implementation of the Code of Ethics, are required to take
special care and attention.
This Code shall be widely distributed within the Company and made available to all
Company’s stakeholders, including external entities having dealings with the Company.
Knowledge of and compliance with the Code of Conduct by all recipients are essential
aspects for the Company's transparency and reputation. As regards the internal control
system and following an evaluation of crime risks associated with the Company’s
business areas, the Code of Ethics is used as the benchmark for both the preventive
Organizational, Management and Control Model and for the system of penalties
applicable to infringements of its provisions, as adopted by InfoCert SpA pursuant to
Articles 6 and 7 of Legislative Decree No. 231/2001 and in accordance with the Code of
Conduct adopted by Confindustria under that decree. Supervision and checks on the
implementation of the Code of Ethics are the responsibility of the Directors, the SB and
6
the Company's managers, as well as of its employees, who shall report to the former any
defaults or non-application of the Code. The SB, directors and Company’s executives
may - either jointly or individually - put forward proposals to complement or amend the
contents of the Code. The Board of Directors and particularly the SB shall - including as
a result of the above suggestions and / or proposals - order to update the Code of Ethics
in order to be compliant with new legislation and to reflect the evolution of social
sensitivity. Compliance by staff with the rules set out in this Code is an essential part of
contractual obligations under both Article 2104 of the Italian Civil Code and the
industry's National Labour Collective Agreement. As a result, any infringement of the
provisions of the Code of Ethics by staff may be considered as a violation of primary
obligations under labour relations or of the rules of discipline, and can entail the
consequences provided for by law.
1.4 Training In collaboration with the SB, InfoCert S.p.A. undertakes to spread the principles of
conduct defined in this Code so that they are applied to current choices and promote the
skills and the knowledge required to recognise, analyse and solve recurring ethical
matters within the organisation. For this purpose, the Company shall prepare specific
training activities suitable for each of its corporate levels and aimed at promoting an
understanding of ethical principles and conduct which are at the core of its activities.
7
2 STRUCTURE OF THE CODE OF ETHICS The Code of Ethics consists of the following parts: ➢ General Principles;
➢ Ethical principles of corporate governance;
➢ Relations with employees;
➢ Relations with third parties;
➢ Relations with the media and management of information;
➢ Relations with associated companies;
➢ Protection of industrial and intellectual property rights. Protection of software and
databases;
➢ Prevention of money laundering and handling of stolen goods;
➢ Tools for implementing the Code of Ethics;
➢ Sanctioning and disciplinary system.
3 GENERAL PRINCIPLES 3.1 Legality In the course of their activities and relations of every kind and nature, all those who
work with and for InfoCert S.p.A. are required to diligently observe all applicable rules,
laws, directives and national and international regulations, as well as generally accepted
practices and internal procedures.
3.2 Fairness, loyalty, impartiality and integrity In its relations with employees and counterparts, InfoCert S.p.A. shall comply with the
principles of loyalty, fairness, impartiality and integrity, which lie at the core of all of its
corporate activities and of its organisational management. Any failure to comply with
the Code shall not be tolerated or justified under any circumstances. As evidence of this,
relations with the stakeholders must at all levels be based on fairness, cooperation,
8
loyalty and mutual respect. In its relations with its stakeholders, the Company does not
tolerate any kind of discrimination based on age, gender, sexual preference, health,
race, nationality, political opinions, membership of trade union, religious beliefs and
economic situation. The Company also undertakes to conduct its business in full
compliance with competition and antitrust laws.
3.3 Transparency The Company ensures that its business is conducted according to principles of
transparency, i.e. in a context of truthfulness, accuracy, completeness and timeliness of
its documentation and information. In this regard, InfoCert undertakes to providing
accurate information to the relevant bodies and departments regarding significant facts
concerning corporate and accounting management aspects, in order to avoid any
misleading situations in transactions carried out on its behalf. The Company further
undertakes to act in a clear and transparent manner, without favouring any specific
interest groups or individuals. In carrying out their duties and activities, all recipients
are required to comply with the principles of transparency.
3.4 Organisational System
The Company must establish organisational tools (organisational charts,
organisational communications, procedures, operational and decision-making
processes, etc.) based on the following general principles, on which individual
operating protocols should also be based:
➢ Segregation of roles, with an accurate and complete description of duties, powers
and responsibilities for each position
➢ Knowability, transparency and publicity of powers, both within the Company and
towards third parties
9
➢ Adequacy of the internal communication system and clear description of reporting
lines
➢ Documentation and verifiability of all company activities, so as to ensure the
traceability of transactions and parties involved in each managerial operation and to
facilitate checks
➢ Separation of duties, particularly with regard to decision-making, operational and
supervisory positions
To achieve this, internal procedures used to identify and highlight a sequence of
behaviours typical of various corporate activities shall be characterised by the following
principles and elements:
➢ Segregation of duties and positions, ie separation within each process between
decision makers, decision recipients and decision implementation supervisors
➢ Traceability of each process step
➢ Formalisation of a system of powers of representation which clearly
identifies corporate officers who hold authorisation and signatory powers
➢ Definition of reporting lines and information flows between different
corporate levels and assignment of relevant responsibilities
➢ The Company's organisational and functional charts, as well as the sectors and
responsibilities associated with business functions shall be specifically identified and
notified to all employees via sufficiently clear and detailed administrative orders,
10
circulars and notices
➢ Determination of the roles and duties of internal managers for each crime-
sensitive corporate activity, who shall be conferred with powers to manage, drive and
coordinate the underlying business functions
➢ Management of financial resources based on crime prevention procedures
➢ Phasing and allocation to multiple corporate positions of activities such as
selection of goods and service suppliers, verification of compliance with contractual
terms upon invoicing and management of entertainment expenses and gifts
➢ Identification of procedures aimed at regulating supplier selection and
rating mechanisms, assigning projects and managing business initiatives
and activities involving public and private clients, as well as handling
institutional or occasional relationships with them.
3.4.1 System of proxies and powers of attorney The system of proxies and powers of attorney shall be characterised by elements of
certainty for the purpose of preventing offences under Legislative Decree No. 231/2001.
A Proxy shall be defined as any internal document transferring duties and tasks from
the original holder to an agent, as resulting from organisational communications. A
power of attorney is a unilateral legal transaction by which the company confers
upon a single person the power to act on its behalf.
The system of proxies and powers of attorney shall meet the following requirements:
➢ Any person authorised to bind the company in relation to third parties shall hold a
relevant power of attorney
➢ Each proxy shall clearly state: 1) the powers of the proxy holder and any limitations
thereof; 2) the person that the proxy holder reports to
➢ The holder of a power of attorney shall have adequate spending authority to carry
11
out the functions conferred upon them
➢ Each mandate shall be subject to the revocation and termination provisions
provided for the Italian Civil Code
The SB shall regularly check the current system of proxies and powers of
attorney for consistency with the entire system of organisational communications and
shall recommend changes if the delegated powers and/or the qualification do not match
the powers of representation granted to the agent, or if there are any other anomalies.
3.5 Confidentiality 3.5.1 Protection of business secret During its course of business, InfoCert S.p.A. may need to acquire, store, process,
communicate and disseminate news, documents and other data on negotiations,
financial transactions and know-how (such as contracts, documents, reports, studies,
software etc.) which, partly as a result of specific contractual clauses and legal
requirements, may not be disclosed to outside parties or which, if disclosed, may harm
the interests of the company. Therefore, except as otherwise provided by information
and transparency obligations envisaged by law, all recipients of this Code are required to
ensure the level confidentiality applicable to each piece of information acquired in the
exercise of their duties. Any information or data acquired or processed during working
hours or because of professional duties belongs to InfoCert and may not be used,
communicated or disclosed without specific authorisation and shall at all times be used
in compliance with specific procedures. Recipients are bound to certain confidentiality
requirements on the processing and disclosure of data and information acquired while
performing their duties, even following termination of their employment relationship or
a change of duties.
3.5.2 Protection of privacy
12
The Company undertakes to protect any information concerning its employees and third
parties generated or obtained as part of its business dealings and to avoid misuse of
such information. Processing of such data shall comply with the rights and fundamental
freedoms and the dignity of those concerned, as required by current regulations.
Personal data shall be processed in a lawful and fair manner and collected and recorded
for legitimate and specific purposes. They shall not be retained beyond the time that is
strictly necessary to attain the purposes for which they were collected. InfoCert further
undertakes to adopt suitable preventive safety measures for all databases in which
personal data are collected and stored, in order to avoid any risks of data destruction
and loss or of unauthorised data access or processing.
In particular, recipients shall:
a) obtain and process only data required to perform the activities and tasks for which
they are intended;
b) collect and process such data only within specified procedures, and store said data
in a way that prevents unauthorised access to it;
c) represent and order data in such a way that any authorised person to access such
data, can easily get the most accurate possible outline, exhaustive and truthful;
d) communicate the data in accordance with agreed procedures or with the express
authorisation of their superiors and, in all cases, after ensuring that the data in question
are disclosable, including with regard to any absolute or relative constraints concerning
third parties bound to the Company by relationships of any nature.
3.6. Respect for human dignity Recipients shall respect fundamental human rights, upholding personal moral integrity
and ensuring equal opportunities. To this end the Company prohibits, in both internal
and external working relations, any form of discriminatory behaviour based on age,
gender, sexual orientation, ethnic origin, nationality, health status, religion, political
opinion, membership of trade unions or any other human feature. InfoCert protects and
13
guarantees individual freedom in all its forms and expressions, rejecting any kind of
discrimination, violence, corruption, forced or child labour, recognising and
safeguarding the dignity, freedom and equality of human beings as well protecting
labour and trade union rights, human health, safety and the environment.
3.7 Protection of image The Company's good standing and image are an essential intangible asset. Each
employee must therefore act in accordance with the principles laid down by laws,
regulations, Company’s Statute and by this Code in both their internal and external
working relationships (customers, suppliers, contractors, PA, etc.), without ever
jeopardizing the integrity of the Company whilst maintaining a certain decorum. All
recipients must behave so as to ensure impartiality, diligence, efficiency and
transparency in the performance of their specific functions, as well as to prevent any
form of corruption and lawlessness.
3.8 Use of IT and electronic tools Recipients of this Code are required to use the IT tools made available to them for
business purposes in accordance with security measures, applicable operating
procedures, regulations in force, license agreements terms and corporate policies. This
aims in particular to protect the IT system and information assets of both the Company
and third parties, including, but not limited to, public administrations, customers,
suppliers and competitors. Within his/her duties, each employee must make all efforts
to prevent offences committed by the use of electronic communications and information
systems. The downloading of unauthorised software, the making of unauthorised copies
of licensed programmes, the use of objectionable, indecent and offensive language when
communicating and the browsing of websites involving such content are prohibited.
3.9 Entertainment, gifts and other benefits As required by the Company's internal procedures, in dealings with customers, suppliers
14
and third parties in general it is forbidden to offer directly or indirectly and as a
personal matter benefits of any kind whatsoever (e.g. offers of money, gifts, favours,
etc.) in order to obtain any kind of real or apparent undue advantage (e.g. promises of
economic benefits, favours, supportive recommendations, promises of jobs). Acts of
commercial courtesy – such as presents, gifts and entertainment expenses – are only
allowed if of a modest value (i.e. not exceeding the corporate gift receipt and
distribution threshold) and must not, in any case, compromise the integrity and
reputation of the recipient or influence their independent judgment. Recipients who
receive gifts or other benefits of considerable value which exceed the company's
threshold limits (i.e. routine courtesy) should refuse such gifts and benefits and
immediately notify their manager or the SB.
3.10 Protection of company assets In order to protect corporate assets, recipients of this Code are required to work
diligently and through responsible behaviour. In particular, each recipient is obliged to:
- use the assigned resources with care and responsibility;
- avoid improper use of company assets which may result in harm, reduced efficiency
or otherwise be contrary to the interests of the Company;
- avoid improper use of Company’s assets for aims and purposes unrelated to his or
her duties and work, especially when such use is detrimental to the Company's image
and integrity.
15
4 ETHICAL PRINCIPLES OF CORPORATE GOVERNANCE 4.1 Corporate bodies and relations with shareholders Corporate bodies, whose members are appointed in a transparent manner, must act and
deliberate with a view to adding value to the Company and its stakeholders, whilst fully
respecting the principles of lawfulness and fairness. The choices and decisions of
corporate bodies must be made independently and be solely aimed to pursue the
Company's interest. To this end, the members of corporate bodies are required to
operate in compliance with the law, the Statute, the Code of Ethics and the
Organizational and Management Model. They must also ensure maximum transparency
in managing the Company, based on compliance with laws, regulations and internal
procedures, while avoiding situations of conflict of interest, attempted corruption and
favouritism, direct or indirect solicitation of personal and career advantages for oneself
or for others and reporting any such situations to the Board and the Supervisory Body.
The Company promotes responsible and informed participation of shareholders in the
decisions pertaining to them through proper periodic and transparent information.
Similarly, it promotes and safeguards the interests of all shareholders and rejects
partisan or special interests. The Company ensures proper conduct of meetings in full
compliance with the right of each shareholder to obtain clarifications, express opinions
and formulate proposals.
4.2 Operating procedures Specific protocols must be adopted by all those involved in any way in the operating
procedures of InfoCert. S.p.A. based on the Code of Conduct and aimed at preventing
detrimental events and potential negative impacts on the Company's situation. Such
protocols shall be integrated and edited after an analysis of the business environment
aimed at highlighting any risks for the Company and the existing control system. Proper
implementation of these protocols makes it possible to identify corporate personnel
responsible for decision making, authorisation and performance of tasks. In line with
16
the principle of controls carried out on the basis of the separation of tasks, it is therefore
necessary that each task be carried out, in the various stages, by different employees
whose competence is clearly defined and known within the organisation, in order to
avoid unlimited powers being attributed to individual employees.
4.3 Accounting transparency Executives, directors, employees and all those who have relations, in any capacity, with
InfoCert S.p.A. are obliged to fully comply with the procedures set out in protocols when
performing their duties and functions. In particular, corporate procedures must be
defined to regulate execution of all operations and transactions, which must be traceable
in terms of legitimacy, authorisation, consistency, congruity, proper recording and
control, including in relation to the use of financial resources. Each operation shall
therefore be supported by adequate, clear and complete documentation, which must be
filed in order to identify its reason and characteristics and the employees who, in its
various stages, were responsible for its authorisation, performance, registration and
verification. Compliance with mandatory procedures on the formation, decision and
recording of company activities and their effects allows to engender and stimulate the
culture of accountability at all corporate levels, thereby contributing to improve
management efficiency and supporting management action. Any non-compliance with
the procedures set out in the protocols and in the Code of Ethics – which shall be
promptly reported to the SB and the BoD – shall compromise the relationship of trust
between InfoCert S.p.A. and all parties interacting with the Company for any reason.
Truthfulness, accuracy, completeness and clarity of basic information are prerequisites
for transparency in accounting records and represent fundamental values for InfoCert
SpA to ensure, among others, that shareholders and third parties be provided with a
clear and accurate picture of the Company's assets and financial situation. This requires
that the supporting documentation of facts which must be entered in the accounting
books be complete, clear, truthful, accurate and valid and that it be kept on record to
allow for appropriate checks. The related accounting records must, under the same
17
conditions, reflect exactly reflect the information set out in the supporting
documentation. Where economic and financial elements based on valuations exist, the
related entry shall be made in accordance with the principles of reasonableness and
prudence, expounding clearly in documentation the criteria which guided the
determination of the asset value. Anyone who becomes aware of potential omissions,
falsifications or irregularities in the keeping of basic accounts and records of the
Company, or of any breach of the principles laid down in current legislation, in this
Code of Ethics and in specific protocols is required to give prompt notice thereof to the
SB and the Board of Directors. Such violations undermine the relationship of trust with
the Company and are subject to disciplinary action.
4.4 Conflict of interest InfoCert S.p.A. acknowledges and respects the right of its employees and collaborators
to make investments and engage in business and other activities outside the sphere of
their service with InfoCert, provided that such activities are permitted by law and
consistent with their obligations to the Company. Directors, managers, auditors,
employees and co-workers of the Company are at all times required to avoid situations
and activities that may contrast with the interests of the Company or that may interfere
with their ability to take impartial decisions in the best interests of the Company and in
full compliance with the principles of the Code or, more generally, to properly fulfil their
duties and responsibilities (e.g. assuming corporate offices or carrying out work
activities of any kind with customers, suppliers, competitors, etc., or taking over –
whether personally or through their families – economic and financial interests in the
business of suppliers, customers, competitors, etc., including by means of direct or
indirect qualifying holdings in the share capital of other entities). Any situation that may
lead to a potential conflict of interest or that may in any way affect the ability to take
decisions solely in the interest of the Company must be immediately reported to the
manager in charge and / or to the Board of Directors and / or to the SB. The person
involved, in turn, shall be obliged to refrain from taking part in the operational and / or
18
decision-making process and the manager in charge and / or the Board of Directors and
/ or the SB shall:
- identify appropriate operational solutions specifically aimed at protecting a
transparent and fair conduct in conducting activities;
- forward the necessary written instructions to the parties concerned;
- file all received and forwarded documentation.
4.5. Accountability Accountability to stakeholders for decisions made, actions taken and results achieved is
deemed essential by InfoCert S.p.A. at all corporate levels. The Company supports,
promotes and urges adoption, in every area, of systematic and periodic reporting forms,
including through innovative communication and information sharing solutions.
19
5 RELATIONS WITH EMPLOYEES 5.1 Employee selection, recruitment and evaluation The selection process takes place through transparent and documented procedures, in
accordance with the principles of equality and equal opportunities during selection and
recruitment, salary promotion or dismissal, while avoiding any form of favouritism,
patronage, nepotism and discrimination based on race, sex, nationality, religion,
language, political or trade union membership. Without prejudice to the obligations
under existing provisions, personnel selection is subject to verification of full
compliance of each candidate with the professional requirements of the Company. In
line with combating illegal labour, the Company recruits its employees under regular
contracts and favours maximum collaboration and transparency with new recruits in the
performance of their tasks. The Company does not tolerate within it any form of
discrimination and favours generally shared and objective decision-making. Measures
are taken to prevent the employment of labour with no valid residence permit. To this
end, when hiring and during the course of the entire employment relationship, the
relevant departments make sure that any workers from third countries have a regular
residence permit and, in the event such permit has expired, that they have proceeded to
renew it. By stating its commitment to compliance with social responsibility
requirements, InfoCert does not employ nor support the use of child labour. Employees
in charge of personnel selection are required to reject any kind of recommendation or
endorsement, however named and regardless of how they are received, in favour of or to
the detriment of participants or persons concerned and which may affect a smooth
candidate selection process. Recruitment of staff is based on regular employment
contracts. No form of employment that does not conform to or infringes in any way the
current provisions of law is admitted.
20
5.2 Professional development and human resource development Working relationships are managed with a view to promoting equal opportunity and
favouring professional growth and expertise of each employee, including through
incentive plans and training plans. With this aim, InfoCert S.p.A. promotes the
professional development of employees and contractors at all levels through appropriate
tools and training plans. The Company stands for all persons working in it as a
workplace free of discrimination, disturbance or harassment. In determining
remuneration policies, the Company is committed to defining possible reward systems
in accordance with appropriate criteria and to avoiding setting unattainable, clearly
unjustified or unreachable goals which may lead recipients to engage in abusive and / or
incorrect behaviour to attain them. A working environment based on respect, fairness
and cooperation shall also favour the involvement and accountability of each individual
with regard to the specific objectives to be achieved and to how they are achieved.
Human resources management must be based on full respect for the personality and
professionalism of each worker, while always guaranteeing their physical and moral
integrity.
5.3 Protection of health and safety at work With regards to working conditions, InfoCert S.p.A. protects the mental and physical
integrity of its employees by avoiding the spread of conducts that could create a hostile
work environment while constantly ensuring its compliance with applicable health and
safety regulations. Employees are bound to comply with all laws and standards relating
to health, safety and environmental protection and to follow the relevant corporate
policy. The Company further ensures the physical and moral integrity of its co-workers,
as well as decent working conditions and safe and healthy working environments, in full
compliance with current legislation on the prevention of accidents at work and on the
protection of workers. In this regard, the Company carries out its business under
technical, organizational and economic conditions that ensure adequate prevention of
21
accidents and a healthy and safe working environment.
The Company is committed to disseminating and reinforcing amongst its employees a
culture of safety and to developing risk awareness and promoting responsible behaviour
by all employees. To achieve this goal, specific Organisational, Management and Control
Models on hygiene and safety are adopted in accordance with regulatory parameters.
Such models must be based on the following principles and criteria:
a) avoiding risks and assessing and reducing risks that cannot be avoided, where
possible by replacing hazardous activities with others that are safe or less dangerous;
b) committing to preventing risks at source;
c) adapting work to man, particularly with regard to the choice of equipment and
methods of work and production, in order to avoid the risk of stress caused by
monotonous and repetitive work and to minimise its effects on health;
d) adapting to technical progress;
e) planning prevention by aiming at a coherent whole that integrates prevention with
technology, organisation of work, working conditions, social relationships and the
influence of work environment factors;
f) prioritising collective protective measures over individual protective measures;
g) giving appropriate instructions to workers and providing them with adequate and
regular training.
22
6. RELATIONS WITH THIRD PARTIES 6.1. Relations with the Public Administration in general Relations with institutions, whether public or private, are the sole responsibility of
specifically delegated business units. They are based on the principles of transparency,
clarity and fairness so as not to lead to partial, false, ambiguous or misleading
interpretations on the part of any institutions with whom any relations are maintained.
In particular, relations with public authorities and all institutions must be conducted by
InfoCert S.p.A. in accordance with applicable laws and regulations, and comply with the
principles of ethics, fairness, transparency, professionalism and verifiability by rejecting
any form of promise or offer of money, goods or other benefits aimed at favouring any
interests or unfair advantage. Contacts with both Italian and foreign Public
Administrations are maintained in full respect of the roles and functions assigned by law
and in full cooperation with the institutions concerned. Relations with public
institutions officials are limited to the designated and duly authorised corporate
departments, in strict compliance with laws and regulations and must not in any way
compromise the integrity and reputation of the institutions concerned. InfoCert S.p.A.
therefore undertakes to:
- deal without any kind of discrimination and through specific communications
channels with national, international, EU and local P.A. institutions;
- represent the interests and positions the Company in a transparent, rigorous and
consistent manner, avoiding collusive conduct.
Counterfeiting, altering or omitting data and / or information in order to obtain an
undue advantage or any other benefit for the Company are prohibited. Recipients are
not allowed to offer cash, gifts, presents or other benefits to Public Administration or
Public Institutions directors, officers or employees or to their relatives, except where
such gifts or benefits are of modest value and, in any case, where they do not
compromise the integrity or reputation of either party. In the course of any business
negotiation, request or relation with the Public Administration or Public Institutions,
23
recipients must not attempt to improperly influence the decisions of the counterpart,
including those of officials who are dealing or making decisions on behalf of the Public
Administration and Public Institutions. In the specific case of a call for tenders, all
relations must be carried out in compliance with the current laws and good business
practice. Should the recipients receive requests or offers of benefits from public officers,
they must immediately suspend relations and report the fact to the SB or the BoD.
It is therefore strictly forbidden to:
- directly or indirectly pay or offer to pay sums of money or offer material benefits to
civil servants and public officials with the intent of influencing or compensating an
action of their office or providing any kind of benefit to the entity (where benefit is
intended as meaning anything that grants an objective advantage – whether material,
moral or other – by means of a giving or taking action and that is deemed significant by
custom or by the common belief, such as employment opportunities or commercial,
sexual favours, etc.);
- give or offer, directly or indirectly and under different forms of assistance or
contributions, payments or material benefits to civil servants/public officials with the
intent of influencing or compensating an action of their office or promoting and
encouraging the interests of the entity;
- grant advantages of any kind to civil servants/public officials;
- use the recruitment process or the salary system as a means to provide direct or
indirect benefits to civil servants / public officials;
- submit false statements to the Public Administration;
- allocate any moneys received from the Public Administration by way of grants,
contributions, loans, task assignments, subsidised loans etc., for different purposes than
those for which they were granted.
Therefore, special attention and care must be taken in operations relating to tenders,
contracts, permits, licenses, concessions, requests for and/or management of, any
financing in any currency from any public institution (national, foreign or European),
24
management of contracts, relationships with any authority in charge of surveillance or
with any other independent authority, with social security institutions, tax institutions,
bankruptcy management bodies, civil, criminal or administrative proceedings, etc. In
business negotiations and trade relations with the P.A., it is strictly forbidden to take
direct or indirect measures aimed at offering opportunities for employment and/or
trade which civil servants or their relatives or relatives-in-law may draw benefits from,
either for themselves or for others. In the event of the company being represented by a
“third party” in relations with public administration, the same principles and directives
valid for the Company apply to the third party and to his staff, agents and associates.
6.2 Relations with Supervisory and Control Authorities Recipients of the Code are required to comply with any legislation that applies to areas
related to their positions and with the instructions issued by the competent Public
Surveillance Authorities. Notices, reports, alerts and responses to specific requests from
Public Surveillance Authorities must be guided by full compliance with the principles of
completeness, integrity, objectivity, transparency and truthfulness of the information. It
is strictly prohibited to disseminate untrue information regarding the Company's
economic, financial or balance sheet situation, even if still under assessment, or to
conceal, with other fraudulent means, in whole or in part, any mandatory information
concerning these situations. In any case, it is prohibited to hinder in any form and
manner Public Surveillance Authorities in the exercise of their duties. The Company
identifies and defines the lines of communication with Public Surveillance Authorities
by designating employees in charge of dealing with them during checks and inspections,
and by providing appropriate procedures for registration of all activities performed in
the course of those inspections. It is strictly forbidden to promise or give money or
another commodity to civil servants or Public Surveillance Authorities officers with the
aim of obtaining benefits or favourable decisions from them. Similarly, it is absolutely
forbidden to accept any undue demands or pressures from public officials in charge of
inspections and controls aimed at achieving cash or other benefits. Where this occurs,
25
the recipient of such demands shall immediately report the incident to his immediate
supervisor, the SB and / or the Board of Directors.
6.3 Relations with judicial authorities In its relations and contacts with judicial authorities, InfoCert undertakes to offer its full
cooperation, make statements that are truthful and true to facts and refrain from any
obstructive conduct, in full compliance with the law and in accordance with the
principles of loyalty, fairness and transparency. Any conduct designed to favour or
damage one of the parties to a proceeding or to condition, in any form and manner, the
will of a party summoned by the Judicial Authority in order to prevent them from
making statements or to encourage them to make false statements is especially
prohibited. It is similarly prohibited to promise or offer money, gifts or other
commodities to persons involved in court proceedings or to persons related to them in
order to gain an unfair advantage.
6.4 Relations with customers and purchasers When dealing with customers, all recipients of the Code of Ethics are required to follow
the principles of professionalism, competence, integrity, availability and courtesy.
Complete customer’s satisfaction has been identified by the Company as one of the
primary objectives to be pursued in the course of its commercial activities. The
Company ensures utmost transparency and impartiality and rejects any form of
discrimination in dealings with customers. It further undertakes to provide customers
with transparent communications, messages and contracts, avoiding the use of unfair
trade practices and of any difficult to understand and ambiguous contractual terms or
formulas. The Company promotes continuous improvement in the quality of services
offered to end users. Relations with purchasers must be based on the principles of
fairness and good faith in commercial transactions, as well as on compliance with
contractual obligations and agreements. In bidding, the Company is required to
carefully evaluate the feasibility of the services required and their appropriateness,
26
particularly with regard to the technical and economic conditions of the work or service.
Bids must be such as to always ensure compliance with appropriate quality levels, grant
appropriate wages to employees, and comply with all applicable safety measures. Parties
who are or may appear to be in conflict of interest may not participate in negotiations.
6.5 Relations with suppliers Contracts with suppliers must be concluded based on the principles of fairness,
integrity, transparency and completeness. The choice of suppliers must be based on
objective and fair criteria, after taking into account solely to the quality and cost of
goods and services, as well as to the professionalism and competence of those involved
and their compliance with regulations on hygiene and safety at work. It is forbidden to
accept gifts, presents or other commodities of considerable value which are not
attributable to routine courtesy. The Company prohibits to issue purchase orders that
are not warranted by a specific and justified need and that are not authorised by
specifically designated employees. No remuneration can be paid to consultants and
suppliers for reasons outside the assignment awarded to them and not based on the
market prices for a specific product or service. Any breach of the principles of fairness,
transparency, confidentiality and protection of human dignity are just cause for
resolution of contractual relationships with suppliers. In the event that a recipient of
this Code of Ethics were offered benefits or other commodities by a supplier aiming to
obtain a business advantage, the recipient must immediately notify this to the SB and
the BoD and terminate all relations with the supplier.
6.6 Relations with financial intermediaries
Choice, selection and relations with intermediaries must be based on the principles of
legality, fairness and transparency. Intermediaries are chosen based on their reputation
and adherence to values consistent with those stated in this Code. Communications and
contracts with intermediaries must be sufficiently transparent and clear, thereby
27
avoiding any kind of misunderstanding that could encourage use of unfair business
practices. Contracts entered into with intermediaries must specifically provide for
compliance with the Company's Protocols and Code of Ethics and shall include specific
termination and damage compensation clauses in case of violation of the principles
contained therein. Any violation of the principles of legality, transparency, fairness,
confidentiality and human dignity shall be proper grounds for termination of
contractual relationships with intermediaries. No proposals for benefits or other
advantages or commodities from intermediaries shall be allowed. Similarly, it is
forbidden to offer or promise gifts, benefits or other commodities to intermediaries.
Anyone who is offered benefits, commodities or other advantages from an intermediary
or becomes aware of violations, forgeries or negligence on the part of an intermediary or
of one of their aides or assistants shall notify this immediately to the SB and the BoD.
6.7 Relations with Political Parties and Trade unions InfoCert S.p.A. does not provide financing, contributions, benefits or other direct or
indirect commodities to political parties, their candidates, movements, associations and
political committees or organizations, nor to public administrations and trade unions or
their representatives, both in Italy and abroad, except as in compliance with applicable
laws, in full transparency and in observance of internal corporate procedures.
6.8 Rules of conduct for the protection of the environment All activities of InfoCert S.p.A. are carried out and managed in full compliance with the
law on environmental protection (Legislative Decree No. 152/2006). Recipients of this
Code are obliged to refrain from any conduct which may endanger the environment and
to report any potential risks, violation or inadequacy of environmental protection
measures to the SB and to the BoD. The Company acknowledges the need for
sustainable development of economic activities and therefore ensures its contribution to
greater protection of natural and environmental resources by setting as its specific
objective the compliance by all recipients of this Code with the following principles:
28
- carrying out all activities with a view to constantly engaging in pollution prevention;
- maintaining long-term compliance of its environmentally sensitive activities with
national and international laws, regulations and requirements;
- pursuing continuous improvement of its environmental performance through the
definition of objectives and programmes, while bearing in mind the characteristics of its
in-house and free-lance collaborators, regulatory developments, technical opportunities
and the economic environment;
- developing and disseminating an environmental protection culture among its
employees, contractors, suppliers etc., so as to raise their awareness on the importance
of managing environmental issues as part of their work;
- preventing accidents through the use and constructions of plants which comply with
safety standards, and developing and updating plans and procedures designed to
address potential emergency scenarios in collaboration with special departments and
competent authorities;
- periodically reviewing its Environmental Policy in order to keep it current and
consistent with legal requirements and to ensure that it is appropriate to the nature,
size, characteristics and environmental impacts of its business.
29
7. RELATIONS WITH THE MEDIA AND MANAGEMENT OF INFORMATION 7.1 Conduct It is the exclusive responsibility of persons specially delegated by InfoCert S.p.A. to
maintain relations with the press, the media and, more generally, with external
stakeholders in accordance with the law, the Code of Ethics and applicable regulations,
protocols and corporate procedures. Any request for information from the press or the
media received by staff at InfoCert S.p.A. shall be notified to the persons (corporate
departments) responsible for external communications before assuming any
commitment to respond to the request. External communications shall be based on the
principles of truthfulness, transparency, fairness and prudence, and shall aim to
promote knowledge of the Company's policies, programmes and projects.
7.2 Price sensitive information Any form of direct or indirect investment based on confidential company information is
prohibited. Specifically, the disclosure of news, information and documents relating to
events that occur within the sphere of InfoCert S.p.A. activities and that, by not being in
the public domain, may be capable, if disclosed, of significantly influencing the price of
financial instruments and stock market performance, shall at all times be made only and
exclusively through specially designated media and parties prior approval by the
directors, in order to prevent the risk of insider trading.
30
8. RELATIONS WITH ASSOCIATED COMPANIES Relations between InfoCert S.p.A. and associated companies are conducted in
accordance with the principles of fairness, good faith, loyalty and legality. Associated
companies performing activities on behalf of InfoCert are required to comply with the
provisions of this Code, company regulations and guidelines and instructions given,
insofar as applicable to them.
9. PROTECTION OF INDUSTRIAL AND INTELLECTUAL PROPERTY RIGHTS. PROTECTION OF SOFTWARE AND DATABASES Recipients of this Code are required to comply with the laws on intellectual property,
patents, software rights of other parties, databases and copyrighted material used both
in the course of performing job functions and in creating products or services or for
promotional and demonstration purposes. To this end, it is strictly prohibited to:
- counterfeit or forge trademarks, logos, patents, domestic or foreign industrial
designs or any other signs capable of being represented graphically;
- introduce within the State, sell, stock for sale, put into circulation products bearing
trademarks or other counterfeit or forged signs;
- manufacture, trade and use in the industry any products that infringe the industrial
or intellectual property rights of third parties;
- replicate any copyrighted software used by staff for business operations;
- use unauthorised software on company-owned computers;
- illegally duplicate, import, sell or stock for commercial purposes any programs
protected by the industrial or intellectual property rights of third parties;
- reproduce, transfer to another medium, distribute or spread without authorisation
the contents of a database
To avoid any witting or unwitting infringement of third parties' rights on protected
works, recipients of the Code shall duly comply with the instructions provided.
31
10. PREVENTION OF MONEY LAUNDERING AND HANDLING OF STOLEN GOODS All InfoCert S.p.A. commercial transactions must be conducted in accordance with the
principles of transparency and fairness. Depending on their specific business function,
each employee must:
- prepare appropriate contractual documentation in support of each transaction
(conclusion of the contract, assignment award, terms and conditions, etc.);
- comply with corporate requirements for selecting and assessing the reliability of the
counterparty;
- guarantee transparency of trade relations;
- check the regularity of payments, invoices, any other tax document, visas and / or
payment authorisations and of any additional documentation required by the internal
procedures;
- check the Company's internal payment transactions.
The Company has adopted suitable staff training programmes deemed to be exposed to
the risk of money laundering. All recipients are required to report any violations of anti-
money laundering legislation of which they become aware in the exercise of their
functions or otherwise to the SB and the BoD.
11. TOOLS FOR IMPLEMENTING THE CODE OF ETHICS 11.1 Internal control and risk management system InfoCert S.p.A. commits to establish and maintain an appropriate internal control and
risk management system, namely a set of rules, policies, procedures and organisational
structures aimed at ensuring compliance with corporate strategies, effectiveness and
efficiency of business processes, protection of assets, loss protection, reduction of
business risks, reliability and integrity of accounting management information,
compliance of every transaction with laws and internal regulations. Such systems should
32
be periodically reviewed and updated to ensure its adequateness and suitability over
time. Control and supervisory bodies and auditing firms shall have full access to all data,
documents and information required in performing their tasks. The Company has
defined the following general principles of transparency, which apply to all business
processes and activities:
1) segregation of duties and positions, i.e. separation within each process between
decision makers, decision recipients and decision implementation supervisors;
2) formalisation of a system of powers of representation which clearly identifies
corporate officers who hold authorisation and signatory powers;
3) definition of reporting lines and information flows between different corporate
levels and assignment of relevant responsibilities;
4) definition of corporate rules providing at least a general benchmark for the
regulation of processes and business activities;
5) documentation and verifiability of all company activities, so as to ensure the
traceability of transactions and parties involved in each managerial operation and to
facilitate checks;
6) management of financial resources based on crime prevention procedures.
Within their own functions and duties, each recipient is therefore responsible for the
establishment, implementation and proper functioning of controls on activities under
their responsibility.
11.2 Code of Ethics Guarantor Pursuant to Legislative Decree No. 231/2011, the Supervisory Board is the guarantor of
implementation of this Code. The SB is entrusted with the following tasks and duties:
a) promoting the implementation, dissemination and knowledge of the Code of Ethics,
as well as of the reference procedures;
b) promoting specific communication and training programmes for the Company's
management and employees;
c) reviewing any information on possible violations of the Code and taking steps in
33
order to carry out all the necessary checks;
d) reporting the results of the checks to the competent departments for adoption of
appropriate sanctions.
The SB shall submit a semi-annual report to the Board of Directors on the
implementation of the Code of Ethics and on any potential updates needed. In this
regard, InfoCert shall ensure an adequate flow of communications and periodic
reporting to the Guarantor through the most suitable methods and structures.
12. DISCIPLINARY AND SANCTION SYSTEM The Company's internal control system is focused on the adoption of tools and
methodologies to counter potential business risks, with the aim of reasonably
guaranteeing compliance with its Code of Ethics. The Company intends to prosecute all
conduct that is in contrast with current regulations, with this Code and with procedures
adopted and that may harm the interests of the Company.
Infringement of these regulations, of the principles of this Code and of internal
procedures undermines the relationship of trust with the Company and shall result in
disciplinary actions (in accordance with current legislation and collective bargaining
regulations) and damages actions as provided by the Organisational Model, of which
this Code is an integral part. The Organisational Model also defines responsibilities and
rules for implementation of disciplinary actions. Infringements are prosecuted
incisively, promptly and immediately through relevant disciplinary actions. In
accordance with the rules and laws on which this Code is based, the Board provides for
and defines the cases of infringement of the Code and the disciplinary, legal or criminal
penalties to be applied. This includes the drafting of a disciplinary system to be
submitted for approval by the Board itself and to the Board of Auditors in consultation
with social partners. It is the duty of the Board to update the disciplinary system by
adapting it to any regulatory changes. As a rule, it is the responsibility of the Board to
impose sanctions, but in the event that one or more of its members are involved in
34
illegal activities provided by the Code, the Board is obliged to proceed in the absence of
such members. Depending on the infringement committed by the person involved in
one of the illegal activities under the Code, the competent department shall take
appropriate action, whether or not resulting in prosecution. In particular, in imposing
the sanctions the Board shall take into account the type of offence, the circumstances,
the gravity of the conduct, the possibility that the conduct may solely amount to an
attempted breach and the possibility of repeated infringement by the subject. The SB
has the power to summon and hear the person filing the report and any other parties
jointly responsible for the infringement. External staff should submit their reports in
writing to the SB to one of the following addresses:
1) Organismo di Vigilanza, InfoCert S.p.A – piazza Sallustio n. 9, 00187 Roma;
In dealing with any reported actual or attempted infringement of provisions contained
in the Code of Ethics, InfoCert shall ensure that nobody, in his/her working activity,
may suffer undue reactions, influences, nuisances or discrimination as a result of having
reported the infringement.